b3b6418bd2db6b77bffcc3986d1657f702a5f3252152243d3339ef3ee90b2139

Analysis

max time kernel
136s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 01:42

Target

b3b6418bd2db6b77bffcc3986d1657f702a5f3252152243d3339ef3ee90b2139.dll
Size

684KB
MD5

6178f5cf28a1b4e77a7886ed0ae2e105
SHA1

66a7ace54526425f5b6e08d60dd4cd2a3c82bc15
SHA256

b3b6418bd2db6b77bffcc3986d1657f702a5f3252152243d3339ef3ee90b2139
SHA512

533b118d5eb3749cc22bcabcf66095eaddeb7192755ea1d42b3cdfb62596e206acaa5768b8caa21c54083c64b8366b9c5147f3dd260c9ed23a0869539233440f
SSDEEP

12288:fj4nQ9X7RZn4WXd+GXZVb7Zjbc8MKi1bvwuH:f8krRZn4Wt+GXZVb7Zjbc8MKavx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4724 wrote to memory of 1568	4724	rundll32.exe	rundll32.exe
PID 4724 wrote to memory of 1568	4724	rundll32.exe	rundll32.exe
PID 4724 wrote to memory of 1568	4724	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3b6418bd2db6b77bffcc3986d1657f702a5f3252152243d3339ef3ee90b2139.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4724

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3b6418bd2db6b77bffcc3986d1657f702a5f3252152243d3339ef3ee90b2139.dll,#1
2⤵
PID:1568